HIT Policy Committee Nationwide Health Information Network Governance Workgroup Appendix :...

HIT Policy CommitteeHIT Policy Committee

Nationwide Health Information NetworkNationwide Health Information Network

Governance WorkgroupGovernance Workgroup

Appendix: Supporting Details to Recommendations Presented to the HITPC on 12/13/10

Draft 12/10/10 v5

Pre-Decisional DraftPre-decisional DRAFT. For HITPC Consideration – 12/13/10

Appendix: Table of Contents

1. Governance principles and functions

2. NW-HIN as preferred approach

3. Federal, ONC and shared responsibilities

4. Conditions of Trust and Interoperability

5. Validation

6. Public comments

2Pre-decisional DRAFT. For HITPC Consideration – 12/13/10

1. GOVERNANCE PRINCIPLES AND FUNCTIONS

Recommendations to the HITPC 10/20/10

3

NW-HIN Governance Principles (1)

1. Transparency and openness– Maximize to extent possible in developing governance; in the

structures, standards, services and policies, including privacy protections themselves; in information sharing, oversight, enforcement and accountability.

– Support engagement of the general public and those exchanging information.

2. Inclusive participation and adequate representation– Explicit preference for inclusion of diverse stakeholders over

exclusion. – Permit and encourage robust participation in governance by

diverse stakeholders, including consumers. If necessary for scalability, support representative models.



3. Effectiveness and efficiency– Form should follow function. Functions should be conducted

with goal of maximizing efficiency and effectiveness.– Responsiveness and minimization.

4. Accountability– Participating stakeholders and governance mechanisms

should be accountable and, as part of the national health agenda, be understood to have some responsibility to the nation at large.



5. Federated governance and devolution– Multiple functions may be distributed across multiple entities,

with national-level coordination.– Decisions should be made by those closest to the issue and with

the greatest stake in successful resolution and NW-HIN goals. – Federal government should perform those functions that require

centralized governmental control, particularly in areas essential to maintaining public trust and assuring the NW-HIN meets stated national HIT goals.

61

Pre-decisional DRAFT. For HITPC Consideration – 12/13/10


6. Clarity of mission and consistency of actions– Rights, responsibilities and obligations should be well-

documented and clear to all stakeholders. Consistency in decision-making is helpful for stakeholder planning, but should not be an obstacle to innovation or improvement.

7. Fairness and due process– Governance must be fair to those that participate or are

affected by governance decisions. Governance processes should include due process to assure fairness and responsiveness.



8. Promote and support innovation– Governance should be consistent with creating conditions for

innovation, and focus on those issues that require uniform treatment. Administrative burdens should be minimized and voluntary agreements, in principle, preferred.

– Degree of uniformity in policies and standards should reflect the needs for that particular issue and consider where necessary to enable and not inhibit innovation. Technical standards should not set policy, but support and be in service to policy goals.

9. Evaluation, learning and continuous improvement– Governance should be evaluated based upon appropriate

performance and effectiveness measures, with ongoing evaluation and adaptations and improvements to meet evolving NW-HIN.

– Given critical nature of healthcare and sensitivity of health information, particular attention should be paid to issues implication safety.


NW-HIN Governance Objectives and Functions


Establish policies and practices for NW-HIN

• There should be a uniform set of NW-HIN policies and practices that are followed as a condition of exchanging health information through the NW-HIN and that should be reflected in technical design.• Privacy, security, interoperability, eligibility criteria, compliance

expectations and jurisdiction.

• There should be mechanisms to: – Address gaps in policies and practices– Coordinate to assure policies and technical requirements are consistent.

• Necessary to assure that sufficient privacy protections and safeguards are in place to facilitate and promote nationwide exchange, interoperability and to remove barriers to nationwide exchange of health information


10

Establish technical requirements

• Adopt technical requirements for the NW-HIN through a recognized process that coordinates and harmonizes standards and that provides for stakeholder input, including consumers.

• There should be mechanisms to address: – Transition processes as technical requirements change.– Authorization of technical resources for use in NW-HIN (e.g.

provider directories, certificate authority, registries.)

• Necessary to assure that technical requirements are established to accomplish interoperability and policy objectives for trust, including a defined security level of assurance.


11

Compliance, accountability and enforcement

• Assure that eligibility criteria are satisfied and that compliance with conditions for trust and interoperability are met, as well as clear accountability and appropriate enforcement.– Establish and conduct validation to determine eligibility and verify

compliance with policy and technical requirements as a condition of exchanging information through the NW-HIN.

– Determine consequences of non-compliance with policies, practices and technical requirements.

– Provide a mechanism to address disputes, concerns or complaints, taking into account measures provided for under existing law.

– Determine how mechanisms for redress, remedies and sanctions would be applied.

– Consider need for coordinated investigation, enforcement and breach notification.


12

Oversight of the governance mechanisms

• Oversight is necessary to assure governance objectives are met and are effective and able to adapt over time.– Track or measure certain issues or activities in support of

overseeing the effectiveness and efficiency of NW-HIN governance.

– Oversee ongoing compliance. – Conduct ongoing assessments of risks and benefits for the NW-

HIN governance, including prevention of harm. – Periodically evaluate the performance of the overall governance

mechanisms and incorporate the findings into continuous improvement.

– Resolve disputes regarding decision rights among federated governance functions.


13

2. NW-HIN AS PREFERRED APPROACH

14

Nationwide Health Information Network

• ONC Definition: A set of policies, standards and services that enable the Internet to be used for secure and meaningful exchange of health information to improve health and health care.

Private and secure health information exchange enables information to follow the patient when and where it is needed for better care. The Federal government is working to enable a wide range of innovative and complementary approaches that will allow secure and meaningful exchange within and across states, but all of our efforts must be grounded in a common foundation of standards, technical specifications, and policies. Our efforts must also encourage trust among participants and provide assurance to consumers about the security and privacy of their information. This foundation is the essence of the nationwide health information network.

» David Blumenthal, May 14, 2010


Workgroup Consideration of NW-HIN for Governance (1)

• What is NW-HIN? – An environment of trust and interoperability created by NW-HIN standards,

services and policies, and– A preferred approach for exchange of health information nationwide supported by

the federal government, with strong incentives to vigorously promote adoption.

• When is exchange considered NW-HIN and subject to NW-HIN governance?

– When that exchange complies with applicable NW-HIN standards, services and policies (i.e. NW-HIN conditions of trust and interoperability (COTIs); and

– When those exchanging health information assert they are doing so under the auspices of NW-HIN.

• When is exchange not considered NW-HIN and, therefore, not subject to NW-HIN governance?

– When not asserted to be NW-HIN compliant.– If there is only compliance with a portion of the applicable NW-HIN requirements

(e.g. exchange complies with NW-HIN technical requirements, but not NW-HIN policies, or vice versa)


Workgroup Consideration of NW-HIN for Governance (2)

• Who is part of NW-HIN? – Any entity, large or small, or aggregation of entities, large or small,

that engages in the exchange of health information, asserts itself as being NW-HIN compliant and is recognized to have met NW-HIN conditions of trust and interoperability (COTIs).

• Why would entities want to be part of NW-HIN? – Entities will be more willing and able to exchange with unfamiliar

partners who are recognized as meeting NW-HIN COTIs.

– Provides a benchmark for entities who wish to qualify for Federal contracts, exchange with federal entities, and be eligible for other federally-supported incentives.

– Entities may believe that they would be advantaged competitively in the marketplace if they meet widely recognized conditions of trust and interoperability.


3. FEDERAL, ONC AND SHARED RESPONSIBILITIES

18

Federal Leadership and Shared Responsibilities

• For the NW-HIN to be successful and to ensure the public good, the federal government should: – Provide strong federal leadership, support and engagement in

the NW-HIN environment and its governance.– Establish fundamental requirements for trust and

interoperability.

• Other entities should have specific appropriate roles with respect to NW-HIN governance.

• Certain aspects of governance (e.g. accountability, enforcement, oversight) should apply across NW-HIN governance roles.


Governance Framework

• ONC should establish a national framework for governance of the NW-HIN that:– Assures trust and interoperability.– Reflects “governance of governances.”– Is based upon the nine sound governance principles.– Includes national-level coordination and oversight across a set

of core functions.– Provides opportunities for broad stakeholder input, including

consumers.


Specific Federal Responsibilities

• The federal government should: – Leverage existing governance and enforcement mechanisms as

applicable.– Recognize existing state authorities across all relevant domains,

facilitating coordination and harmonization with states and other entities as needed.

• Federal agencies should: – Participate fully and directly in the NW-HIN, including in

appropriate governance mechanisms. – Meet NW-HIN COTIs when exchanging in NW-HIN environment. – Condition federal information exchange upon compliance with

NW-HIN requirements.


ONC Responsibilities

ONC specifically should: • Facilitate coordination

– Across federal activities /authorities, and identify needs to strengthen.

– Identify incentives that vigorously promote use of the NW-HIN. – Optimize broad stakeholder input, including consumers.

• Establish core NW-HIN elements– NW-HIN Conditions of Trust and Interoperability (COTIs).– Criteria and mechanisms to verify compliance with NW-HIN COTIs.

• Oversee NW-HIN governance and assure accountability– Monitor and highlight innovation and address governance barriers. – Provide ongoing evaluation and continuous improvement.


4. CONDITIONS OF TRUST AND INTEROPERABILITY

23

NW-HIN Conditions of Trust and Interoperability

• There should be a defined set of conditions of trust and interoperability established for the NW-HIN (NW-HIN COTIs): – Include policies, eligibility criteria* and technical requirements for the

NW-HIN.– Engender trust, promote interoperability, address barriers to

nationwide exchange while remaining technology agnostic.

• NW-HIN COTIs should provide a baseline and address the need for variability: – Universally required NW-HIN COTIs should apply across all NW-HIN

scenarios.– Other NW-HIN COTIs may be required in particular circumstances.

• The Governance rule should establish an initial set of COTIs and processes for adding and modifying.

24* The federal government should determine whether any factor should preclude an entity from eligibility, temporarily or permanently. Pre-decisional DRAFT. For HITPC Consideration – 12/13/10

NW-HIN COTI Considerations

• How should NW-HIN COTIs be developed and maintained?– Should COTIs be established only through rulemaking?

– Should categories of COTIs be established in the rule, with a federally-guided process for developing and approving them?

– Should a non-governmental entity (e.g. similar to the role of SDOs in HIPAA) do some or all of the developmental work, following federally-set process requirements, and bring COTIs to ONC for approval?

• How should final acceptance of the COTIs be addressed?• Through rulemaking?

• Through an approval process established in the rule?


NW-HIN COTI Process (1)

• When developing and maintaining NW-HIN COTIs, obtain input from a broad range of stakeholder communities, including consumers.

• Establish COTIs through a multi-phased process. – NW-HIN COTIs that are available at the time of rulemaking

should be adopted for the NW-HIN. – There should be a process for adding other NW-HIN COTIs.– There should be a process for maintaining NW-HIN COTIs,

including those established in the rule itself and others adopted for the NW-HIN.


NW-HIN COTI Process (2): Example

• Following is an example of a process in which NW-HIN COTIs could be initiated, developed, proposed, reviewed and approved through a combination of rulemaking and other processes:– Define categories of COTIs for which new/modified COTIs should be

subject to rulemaking. – Work with other agencies having appropriate jurisdiction when

modifications in those agencies’ rules are desired.– Specify which categories of NW-HIN COTIs should be subject to

another process, including the criteria by which a candidate NW-HIN COTI would be evaluated.

– Define a process by which proposed, new / modified conditions would be reviewed and included as part of NW-HIN COTIs by the federal government.


5. VALIDATION

28

NW-HIN Validation*

• NW-HIN COTIs are established to assure trust and interoperability. A mechanism should be established to verify that the conditions have been satisfied (i.e. “NW-HIN Validation”).

• NW-HIN validation should: – Be required for exchanging in NW-HIN environment and

asserting NW-HIN compliance. – Include appropriate validation processes and criteria, including

process to address non-compliance. – Maintain appropriate balance between assuring that COTIs

have been satisfied and cost and burden of validation.

29

* Validation is used to generally refer to the process for verifying compliance. This could include a broad array of possible methods (e.g. self attestation, testing, certification of systems, accreditation of entities, etc.)


Scope of NW-HIN Validation

• NW-HIN validation is a process to verify that NW-HIN COTIs have been satisfied. – NW-HIN validation should leverage existing validation methods, processes and

entities where appropriate. – Validation facilitated by other entities (e.g. by states, other networks, etc.) may

satisfy NW-HIN validation.

• There may be different methods of validation depending upon the nature of the COTIs. For example: – Validation methods for trust and interoperability will likely differ and should be

appropriate for the NW-HIN COTI. • Validation of systems to assess system conformance with NW-HIN technical

requirements (e.g. testing, certification, etc.)• Validation that an entity meets NW-HIN requirements (e.g. self-attestation, legal

agreements, accreditation, etc.)

• There may be different methods of validation depending upon the level of certainty needed to assure that COTIs and other NW-HIN requirements are met.


Example Interactions: NW-HIN Validation

31

Establish NW-HIN validation process and criteria

Federal

Establish mechanism to authorize NW-HIN validation body(ies) / equivalency

Oversee NW-HIN validation efforts; serve as “court of appeals”

Recognized as authorized NW-HIN validating body

Validation Body(ies)

Approve, deny or revoke compliance recognition

Oversee and enforce ongoing compliance

Validated PartyAppeal decision


Feedback Loop

Example: Federal Responsibilities - Validation

• Federal responsibilities: – Establish and maintain validation criteria.– Assure the validation criteria reflect the COTIs.– Establish a mechanism to authorize NW-HIN validation

body(ies) and a process by which existing and equivalent validations are recognized.

– Maintain appropriate balance between assuring that COTIs have been satisfied and cost and burden of validation.

– Coordinate and oversee NW-HIN validation body(ies) to assure NW-HIN goals and principles of NW governance are met.

– Serve as “court of appeals” for decisions by validation body(ies) to approve, deny, revoke recognition of compliance


Potential Responsibilities of NW-HIN Validation Body(ies)

• Apply established and applicable eligibility criteria to determine eligibility.

• Verify that practices are consistent with applicable NW-HIN policies.

• Verify that systems used to exchange through the NW-HIN environment meet NW-HIN COTIs, including technical requirements.

• Issue validation decision to approve, deny, revoke NW-HIN recognition of NW-HIN compliance.

• Investigate possible non-conformance with COTIs and take appropriate remedial action including revoking NW-HIN compliance recognition when warranted, with provision for appeals.


6. PUBLIC COMMENTS

34

Public Hearing: Example Models of Governance

• Financial Services / Payment Card Industry • HIPAA• Federal Trade Commission• Federal initiatives• National Quality Forum (NQF)• Lessons from NW-HIN Exchange• Standards and Interoperability Framework


Key Findings Regarding Governance Roles: Public Hearing

• Leverage and coordinate across existing federal authorities.

• Provide strong federal leadership, engagement and participation.

• Federal role needed to: – Set national-level policy and adopt interoperability standards only

where critical to enable trust and interoperability for nationwide exchange.

– Oversee and coordinate across a set of governance processes that, together, comprise NW-HIN governance.

– Assure NW-HIN governance includes ability to evaluate, learn and adapt on an ongoing basis.


Key Findings Regarding Governance Roles: Public Hearing (cont’d)

• Recognize that there will likely be a variety of approaches and multiple levels of coordination, validation, and enforcement: – Different views expressed regarding need for national-level

validation mechanisms, such as certification and accreditation. Some recommended it; others cautioned that it was premature to do this.

– Need for national-level coordination across wide range of stakeholders to build consensus and inform development of NW-HIN requirements.

– Recognition that enforcement occurs at various levels, through other federal authorities (e.g. FTC, OCR) states, local, and exchange partners, often through contractual mechanisms.


Blog 1: Where to Leverage?

• Are there existing entities or processes performing a particular governance function? If so: – Does it accomplish the NW HIN governance objectives and

principles?– Can it scale to meet NW-HIN needs?

• Which essential functions or activities are not currently addressed, but are needed now to overcome barriers and to promote exchange through the NW-HIN?– Should the federal government perform that function directly or

delegate it?– If delegated, to whom? – If a new entity is needed, what type of structure / attributes should it

have?


Key Findings: Blog 1 (10/25/10) - 1

• 234 Commenters (33 – blog; 201 - E-mail)• Need for public education and use of plain language

– Commenters generally seemed unclear over the function and role of the NW-HIN.

• More emphasis should be placed on safety.• Greatest concern was privacy and security of protected

health information (PHI), and need for strong privacy and security protections, e.g. mechanisms for consent, control, authorization, and explicit policies for data reuse.

• Public comments varied but mainly sought to leverage existing mechanisms where appropriate.



• Specific suggestions for:– State / federal partnership.

– Need for national-level policies and standards, with input from HITPC.

– National accreditation program for qualified entities.

– Public-private collaborative structure to act as a convener and support adoption of NW-HIN.

• Suggestions for leveraging existing governance structures:– For policies and practices: FCC, state regulatory frameworks,

Exchange Coordinating Committee.

– For interoperability requirements: Standards Development Organizations (SDOs).

– For validation: CCHIT, EHNAC, ONC-ATCB model.


Blog 2: Roles and Responsibilities

• Focus on federal and ONC responsibilities, development and validation of NW-HIN COTIs

• Blog for additional public input (11/30/10)– Which activities should be tightly held by the federal

government?– Should there be an overarching entity to accredit NW-HIN

validation bodies?– Is there a need for a governance mechanism in the near-term

to address implementation support and coordination? If so, what type of entity should facilitate this?



• There should be a well formed committee to supervise these standards or make the standards (and the development process of standards) more open; a proposal based approach.

• It is absolutely critical that standard file formats be developed for any systems funded, in whole or part, with federal dollars.

• Support for delegating areas of accreditation and certification and using a more federated, governance of governances, approach. Recognition that government is not usually the best place for innovation to occur, but acts best when it is a platform for innovation.



• Information should be communicated to all people involved. Responsive governance shouldn’t be confused with reactionary approach.

• Government and non-government roles should be addressed equally.• Governance must remain tightly controlled at the federal level to the

extent that it sets policy and defines the principles for participation.• There should be an overarching validation entity, with implementation and

day to day operation of certification / accreditation handled by multiple other entities, many of which already exist within and outside government.

• The federal government should certify these various entities as valid certification / accreditation entities for HIT to assure trust in the overall system.



• The federal government must establish an oversight body that will be able to support current efforts being made throughout the nation to implement HIT. At the very least, individuals and entities adopting HIT should be able to look for support and advice as to whether what they are implementing is valid in terms of governance structures and privacy and security practices.

• There should be an overarching governance committee that includes representatives across the various NW-HIN projects, with representatives from the Security and Trust developers.


Examples of Other Governance Models

• Other models of governance suggested through diverse input– OMB HIT Task Force– International models (UK and Canada)– ISO – OECD Principles of Corporate Governance


HIT Policy Committee Nationwide Health Information Network Governance Workgroup Appendix :...

Documents

Transcript of HIT Policy Committee Nationwide Health Information Network Governance Workgroup Appendix :...